{%- set display_login = salt['pillar.get']('default:OMV_PROFTPD_DISPLAYLOGIN', '/srv/ftp/welcome.msg') -%}
{%- set show_display_login = salt['pillar.get']('default:OMV_PROFTPD_SHOW_DISPLAYLOGIN', 'yes') -%}
{%- set use_ipv6 = salt['pillar.get']('default:OMV_PROFTPD_USEIPV6', 'on') -%}
{%- set server_type = salt['pillar.get']('default:OMV_PROFTPD_SERVERTYPE', 'standalone') -%}
{%- set defer_welcome = salt['pillar.get']('default:OMV_PROFTPD_DEFERWELCOME', 'on') -%}
{%- set multi_line_rfc2228 = salt['pillar.get']('default:OMV_PROFTPD_MULTILINERFC2228', 'on') -%}
{%- set default_server = salt['pillar.get']('default:OMV_PROFTPD_DEFAULTSERVER', 'on') -%}
{%- set show_symlinks = salt['pillar.get']('default:OMV_PROFTPD_SHOWSYMLINKS', 'on') -%}
{%- set list_options = salt['pillar.get']('default:OMV_PROFTPD_LISTOPTIONS', '-l') -%}
{%- set max_instances = salt['pillar.get']('default:OMV_PROFTPD_MAXINSTANCES', '30') -%}
{%- set deny_filter = salt['pillar.get']('default:OMV_PROFTPD_DENYFILTER', '\*.*/') -%}
{%- set user = salt['pillar.get']('default:OMV_PROFTPD_USER', 'proftpd') -%}
{%- set group = salt['pillar.get']('default:OMV_PROFTPD_GROUP', 'nogroup') -%}
{%- set umask = salt['pillar.get']('default:OMV_PROFTPD_UMASK', '000 000') -%}
{%- set persistent_passwd = salt['pillar.get']('default:OMV_PROFTPD_PERSISTENTPASSWD', 'off') -%}
{%- set times_gmt = salt['pillar.get']('default:OMV_PROFTPD_TIMESGMT', 'off') -%}
{%- set setenv_tz = salt['pillar.get']('default:OMV_PROFTPD_SETENV_TZ', ':/etc/timezone') -%}
{%- set allow_overwrite = salt['pillar.get']('default:OMV_PROFTPD_ALLOWOVERWRITE', 'on') -%}
{%- set auth_order = salt['pillar.get']('default:OMV_PROFTPD_AUTHORDER', 'mod_auth_pam.c* mod_auth_unix.c') -%}
{%- set default_transfer_mode = salt['pillar.get']('default:OMV_PROFTPD_DEFAULTTRANSFERMODE', 'ascii') -%}
{%- set transfer_log = salt['pillar.get']('default:OMV_PROFTPD_TRANSFERLOG', '/var/log/proftpd/xferlog') -%}
{%- set timeout_no_transfer = salt['pillar.get']('default:OMV_PROFTPD_TIMEOUTNOTRANSFER', '600') -%}
{%- set timeout_stalled = salt['pillar.get']('default:OMV_PROFTPD_TIMEOUTSTALLED', '600') -%}
{%- set delete_aborted_stores = salt['pillar.get']('default:OMV_PROFTPD_DELETEABORTEDSTORES', 'off') -%}
{%- set anonymous_user = salt['pillar.get']('default:OMV_PROFTPD_ANONYMOUS_USER', 'ftp') -%}
{%- set anonymous_group = salt['pillar.get']('default:OMV_PROFTPD_ANONYMOUS_GROUP', 'nogroup') -%}
Include /etc/proftpd/modules.conf
{%- if ftp_config.modules.mod_tls.enable | to_bool %}
Include /etc/proftpd/tls.conf
{%- endif %}
UseIPv6 {{ use_ipv6 }}
ServerName {{ dns_config.hostname }}
ServerType {{ server_type }}
DeferWelcome {{ defer_welcome }}
MultilineRFC2228 {{ multi_line_rfc2228 }}
DefaultServer {{ default_server }}
ShowSymlinks {{ show_symlinks }}
DisplayChdir .message true
ListOptions "{{ list_options }}"
MaxInstances {{ max_instances }}
DenyFilter {{ deny_filter }}
User {{ user }}
Group {{ group }}
PersistentPasswd {{ persistent_passwd }}
TimesGMT {{ times_gmt }}
SetEnv TZ {{ setenv_tz }}
AllowOverwrite {{ allow_overwrite }}
AuthOrder {{ auth_order }}
DefaultTransferMode {{ default_transfer_mode }}
Port {{ ftp_config.port }}
TransferLog {% if ftp_config.transferlog | to_bool %}{{ transfer_log }}{% else %}NONE{% endif %}
UseReverseDNS {% if ftp_config.usereversedns | to_bool %}on{% else %}off{% endif %}
TimeoutIdle {{ ftp_config.timeoutidle }}
TimeoutNoTransfer {{ timeout_no_transfer }}
TimeoutStalled {{ timeout_stalled }}
{%- if ftp_config.usepassiveports | to_bool %}
PassivePorts {{ ftp_config.minpassiveports }} {{ ftp_config.maxpassiveports }}
{%- endif %}
{%- if ftp_config.masqueradeaddress | length > 0 %}
MasqueradeAddress {{ ftp_config.masqueradeaddress }}
{%- endif %}
{%- if ftp_config.limittransferrate | to_bool %}
{%- if ftp_config.maxuptransferrate > 0 %}
TransferRate STOR {{ ftp_config.maxuptransferrate }}
{%- endif %}
{%- if ftp_config.maxdowntransferrate > 0 %}
TransferRate RETR {{ ftp_config.maxdowntransferrate }}
{%- endif %}
{%- endif %}
{%- if ftp_config.allowrestart | to_bool %}
AllowRetrieveRestart on
AllowStoreRestart on
{%- endif %}
DeleteAbortedStores {{ delete_aborted_stores }}
{%- if ftp_config.allowforeignaddress | to_bool %}
AllowForeignAddress on
{%- endif %}
{%- if ftp_config.maxconnectionsperhost > 0 %}
MaxConnectionsPerHost {{ ftp_config.maxconnectionsperhost }}
{%- endif %}
{%- if show_display_login | to_bool %}
DisplayLogin {{ display_login }}
{%- endif %}
{%- if ftp_config.extraoptions | length > 0 %}
{{ ftp_config.extraoptions }}
{%- endif %}
<Directory />
  HideFiles (welcome.msg)
</Directory>
{%- if ftp_config.anonymous | to_bool %}
<Anonymous ~{{ anonymous_user }}>
  User {{ anonymous_user }}
  Group {{ anonymous_group }}
  UserAlias anonymous {{ anonymous_user }}
  DirFakeUser on {{ anonymous_user }}
  DirFakeGroup on {{ anonymous_user }}
  RequireValidShell off
  <Directory *>
    Umask {{ umask }}
    HideFiles (welcome.msg)
    <Limit WRITE>
      DenyAll
    </Limit>
  </Directory>
</Anonymous>
{%- endif %}
{# ================ Process shares ================ #}
{%- for share in ftp_config.shares.share | selectattr('enable') -%}
{%- set sf_config = salt['omv_conf.get']('conf.system.sharedfolder', share.sharedfolderref) -%}
{%- set limitall_allowuser = [] -%}
{%- set limitall_allowgroup = [] -%}
{%- set limitread_allowuser = [] -%}
{%- set limitread_allowgroup = [] -%}
{%- if ftp_config.rootlogin | to_bool -%}
{%- set _ = limitread_allowuser.append('root') -%}
{%- set _ = limitread_allowgroup.append('root') -%}
{%- endif -%}
{%- for privilege in sf_config.privileges.privilege | selectattr('type', 'equalto', 'user') -%}
{%- if privilege.perms == 5 -%}
{%- set _ = limitread_allowuser.append(privilege.name) -%}
{%- elif privilege.perms == 7 -%}
{%- set _ = limitall_allowuser.append(privilege.name) -%}
{%- endif %}
{%- endfor -%}
{%- for privilege in sf_config.privileges.privilege | selectattr('type', 'equalto', 'group') -%}
{%- if privilege.perms == 5 -%}
{%- set _ = limitread_allowgroup.append(privilege.name) -%}
{%- elif privilege.perms == 7 -%}
{%- set _ = limitall_allowgroup.append(privilege.name) -%}
{%- endif %}
{%- endfor -%}
<Directory /{{ sf_config.name }}>
  Umask {{ umask }}
  <Limit ALL>
{%- if limitall_allowuser | length > 0 %}
    AllowUser OR {{ limitall_allowuser | join(',') }}
{%- endif %}
{%- if limitall_allowgroup | length > 0 %}
    AllowGroup OR {{ limitall_allowgroup | join(',') }}
{%- endif %}
    DenyAll
  </Limit>
  <Limit READ DIRS>
{%- if (limitall_allowuser + limitread_allowuser) | length > 0 %}
    AllowUser OR {{ (limitall_allowuser + limitread_allowuser) | join(',') }}
{%- endif %}
{%- if (limitall_allowgroup + limitread_allowgroup) | length > 0 %}
    AllowGroup OR {{ (limitall_allowgroup + limitread_allowgroup) | join(',') }}
{%- endif %}
    DenyAll
  </Limit>
{%- if share.extraoptions | length > 0 %}
{{ share.extraoptions | indent(2, True) }}
{%- endif %}
</Directory>
{% endfor -%}
{%- if ftp_config.homesenable | to_bool and homedir_config.enable | to_bool -%}
<Directory ~/%u>
  <Limit ALL>
    AllowUser OR %u
    DenyAll
  </Limit>
  <Limit READ DIRS>
    AllowUser OR %u
    DenyAll
  </Limit>
</Directory>
{%- endif %}
